- name: check/create instance
  hosts: 209.132.184.144
  user: root
  gather_facts: False

  vars_files: 
   - /srv/web/infra/ansible/vars/global.yml
   - "{{ private }}/vars.yml"

  tasks:
  - include: "{{ tasks }}/persistent_cloud.yml"
  - include: "{{ tasks }}/growroot_cloud.yml"

- name: provision instance
  hosts: 209.132.184.144
  user: root
  gather_facts: True

  vars_files: 
   - /srv/web/infra/ansible/vars/global.yml
   - "{{ private }}/vars.yml"
   - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml

  tasks:
  - include: "{{ tasks }}/cloud_setup_basic.yml"
  - name: mount up disk of copr fe
    action: mount name=/srv/copr-fe src='LABEL=copr-fe' fstype=ext4 state=mounted
  - include: "{{ tasks }}/iptables.yml"

  - name: mount up bind mount for postgres
    action: mount src=/srv/copr-fe/pgsqldb name=/var/lib/pgsql fstype=auto opts=bind state=mounted
  # we could not use ourself repo :(
  #- name: copy copr.repo
  #  action: copy src=$files/copr/fe/yum/copr.repo dest=/etc/yum.repos.d/copr.repo

  - name: set the hostname
    shell: hostname copr-fe.cloud.fedoraproject.org

  - name: copy .forward file
    action: copy src="{{ files }}/copr/forward" dest=/root/.forward owner=root group=root

  - name: install copr-fe pkgs
    action: yum state=installed pkg={{ item }}
    with_items:
    - copr-frontend
    - copr-selinux
    - postgresql-server
    - bash-completion
    - fail2ban
    - mod_ssl
    tags:
    - packages

  - name: install copr configs
    template: src="{{ files }}/copr/fe/copr.conf" dest=/etc/copr/copr.conf mode=600
    notify:
    - restart httpd
    tags:
    - config

  - name: copy apache files to conf.d
    action: copy src="{{ files }}/copr/fe/httpd/{{ item }}" dest="/etc/httpd/conf.d/{{ item }}"
    with_items:
    - coprs.conf
    - welcome.conf

  - name: copy pg_hba.conf
    action: copy src="{{ files }}/copr/fe/pg/pg_hba.conf" dest=/var/lib/pgsql/data/pg_hba.conf owner=postgres group=postgres mode=0600

  # open up ports (22, 80, 443)
  - name: poke holes in the firewall
    action: command lokkit {{ item }}
    with_items:
    - --service=ssh
    - --service=https
    - --service=http
 
  - name: enable services
    action: service state=running enabled=yes name={{ item }}
    with_items:
    - httpd
    - postgresql
    - fail2ban

  handlers:
  - include: "{{ handlers }}/restart_services.yml"
